Portabilis I-Educar vulnerabilities
94 known vulnerabilities affecting portabilis/i-educar.
Total CVEs
94
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH30MEDIUM63LOW1
Vulnerabilities
Page 4 of 5
CVE-2025-7867P4MEDIUMCVSS 5.4v2.9.0v2.10.02025-07-20
CVE-2025-7867 [MEDIUM] CWE-79 CVE-2025-7867: A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unkno
A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ
nvd
CVE-2025-10074P4MEDIUMCVSS 5.4≤ 2.10.0v2.0+10 more2025-09-08
CVE-2025-10074 [MEDIUM] CWE-79 CVE-2025-10074: A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown
A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
nvd
CVE-2025-9738P4MEDIUMCVSS 5.4≤ 2.10.0v2.0+10 more2025-08-31
CVE-2025-9738 [MEDIUM] CWE-79 CVE-2025-9738: A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknow
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.
nvd
CVE-2025-9653P4MEDIUMCVSS 5.4≤ 2.10v2.0+10 more2025-08-29
CVE-2025-9653 [MEDIUM] CWE-79 CVE-2025-9653: A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is pu
nvd
CVE-2025-9652P4MEDIUMCVSS 5.4≤ 2.10v2.0+10 more2025-08-29
CVE-2025-9652 [MEDIUM] CWE-79 CVE-2025-9652: A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has
nvd
CVE-2025-7869P4MEDIUMCVSS 5.4v2.9.02025-07-20
CVE-2025-7869 [MEDIUM] CWE-79 CVE-2025-7869: A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. A
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting. The attack may be launched remotel
nvd
CVE-2025-7111P4MEDIUMCVSS 5.4v2.9.02025-07-07
CVE-2025-7111 [MEDIUM] CWE-79 CVE-2025-7111: A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vuln
A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclo
nvd
CVE-2025-7110P4MEDIUMCVSS 5.4v2.9.02025-07-07
CVE-2025-7110 [MEDIUM] CWE-79 CVE-2025-7110: A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This a
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th
nvd
CVE-2025-7109P4MEDIUMCVSS 5.4v2.9.02025-07-07
CVE-2025-7109 [MEDIUM] CWE-79 CVE-2025-7109: A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. A
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. The attack may be launched
nvd
CVE-2025-10591P4MEDIUMCVSS 5.4≤ 2.10.0v2.0+10 more2025-09-17
CVE-2025-10591 [MEDIUM] CWE-79 CVE-2025-10591: A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function o
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função Page. This manipulation of the argument abreviatura/tipoacao causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available t
nvd
CVE-2025-9724P4MEDIUMCVSS 5.4≤ 2.10v2.0+10 more2025-08-31
CVE-2025-9724 [MEDIUM] CWE-79 CVE-2025-9724: A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function o
A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
nvd
CVE-2025-9720P4MEDIUMCVSS 5.4≤ 2.10v2.0+10 more2025-08-31
CVE-2025-9720 [MEDIUM] CWE-79 CVE-2025-9720: A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of t
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used.
nvd
CVE-2025-9722P4MEDIUMCVSS 5.4≤ 2.10v2.0+10 more2025-08-31
CVE-2025-9722 [MEDIUM] CWE-79 CVE-2025-9722: A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and
nvd
CVE-2025-7868P4MEDIUMCVSS 5.4≤ 2.10.0v2.0+10 more2025-07-20
CVE-2025-7868 [MEDIUM] CWE-79 CVE-2025-7868: A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown process
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made pu
nvd
CVE-2025-9721P4MEDIUMCVSS 5.4≤ 2.10v2.0+10 more2025-08-31
CVE-2025-9721 [MEDIUM] CWE-79 CVE-2025-9721: A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used.
nvd
CVE-2023-5578P4MEDIUMCVSS 5.4≤ 2.7.52023-10-14
CVE-2023-5578 [MEDIUM] CWE-79 CVE-2023-5578: A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. A
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input ");'> alert(document.cookie) leads to cross site scr
nvd
CVE-2025-8789P4MEDIUMCVSS 4.3≤ 2.9.0v2.0+9 more2025-08-10
CVE-2025-8789 [MEDIUM] CWE-285 CVE-2025-8789: A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic.
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The
nvd
CVE-2025-8790P4MEDIUMCVSS 4.3≤ 2.9.0v2.0+9 more2025-08-10
CVE-2025-8790 [MEDIUM] CWE-266 CVE-2025-8790: A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and
nvd
CVE-2024-55651P4MEDIUMCVSS 5.4v2.9.0v= 2.92025-05-08
CVE-2024-55651 [MEDIUM] CWE-79 CVE-2024-55651: i-Educar is free, fully online school management software. Version 2.9 of the application fails to p
i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve informati
nvd
CVE-2025-8918P4MEDIUMCVSS 4.8≤ 2.10.0v2.0+10 more2025-08-13
CVE-2025-8918 [MEDIUM] CWE-79 CVE-2025-8918: A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown process
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and ma
nvd